TechSpot

Could some one help me with this

By oldschoolrock09
Apr 17, 2008
  1. i have got doginapen and whataboutadog on my computer
    i looked at what i had to do from other posts
    i got the AFW and i got my logs from that
    i also got hijack this and have my logs from that
    i will post both of them below
    if some one could please go through them and give me some advice that would be greatly appreciated
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi oldschoolrock09,

    Welcome to Techspot!

    My name is Blind Dragon and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.
    --------------------------------------------------------------------------------
    Download the ATF cleaner program from HERE and save it to your desktop.

    *Run it after the next step while still in safe mode
    ---------------------------------------------------------------------------------

    *Copy and paste the next 2 section into notepad and save it to your desktop to have while in safe mode*

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
    ---------------------------------------------------------------------------------------
    While still in Safe Mode
    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    You can now boot into Normal Mode
    --------------------------------------------------------------------------------------

    Fix AWF Infection
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach AWF.txt file in your next reply

    ------------------------------------------------------------------------------------------
    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


    Open Internet Explorer
    click tools -> internet options.

    Click the Security tab
    Click on the Trusted sites icon.
    Click the sites button and remove all sites from the trusted zone by selecting
    them and clicking the remove button.
    Once done, click ok.

    Warning! Do not click the links below in the qoute box.
    Click ok, then ok again and close IE. reboot your system.
    -----------------------------------------------------------------------------------

    Come back here and post the logs that I asked for above. Also only use internet explorer if you absolutely have to, or if I ask you to: Here are 2 more secure browsers to choose from:
    1)Firefox -> http://www.mozilla.com/en-US/firefox/
    2)Opera -> http://www.opera.com/

    The instructions in this thread are for the use of oldschoolrock09 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    hey thanks for all ur help so far
    i have a question tho
    in the fix AWF section, it says paste to clipboard, what clipboard
     
  4. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    oh wait, i should read further shouldnt I LOL ;]
     
  5. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    here is the AFWtxt doc that u wanted
     
  6. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    ok, i did everything that u asked, i think, and if u need me to do anything else, please tell me, thank you so mcuh
     
  7. kritius

    kritius TS Guru Posts: 2,084

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please copy and paste the contents of the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    we also would like C:\rapport.txt attached here
     
  9. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    here is the other doc. the rapport
    thanks for all ur help guys,
    but what r u doing with these docs. searching for other viruses
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    you should have 1 more AWF.txt from after following kritius' instructions

    Also run a fresh System Scan and Save a Log and attach it here

    So we need for now:
    1)AWF.txt
    2)New Hijackthis
     
  11. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    the awf text is in a post above
     
  12. oldschoolrock09

    oldschoolrock09 TS Rookie Topic Starter

    here is the two things anyways
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...